CIPS CONNECTIONS

This week, Stephen Ibaraki has an exclusive interview
with Trevor Eddolls, Founder and CEO of iTech-Ed Ltd. Trevor has written a
number of books and large number of articles on what's happening in the
computer industry with an emphasis on the mainframe marketplace and large
enterprises. He has edited Xephon's technical Update journals for 20 years
providing his insight into significant trends.

Trevor’s authoring credits include: VM Performance
Management; Introduction to VM; and ASO: Automated Systems Operations for MVS.
He has written and produced user surveys such as MVS Automated Operations
Software and The Help Desk in Practice. Moreover, he has chaired numerous
seminars and lectured extensively in the UK, Europe, and the Middle East. He
had three articles published in the Technical Support Journal in 2005.

His articles and papers have appeared in a wide selection
of periodicals. To find current information about Trevor’s activities go to, http://www.itech-ed.com/, a
company Trevor founded in 2004 which provides writing and editing services, as
well as training and Web site development.

The latest blog on the interview can be found on March 21, 2006 in the Canadian IT Managers (CIM) forum where you can provide your comments in an interactive dialogue. http://blogs.technet.com/cdnitmanagers/

Q1: Trevor, can you elaborate on SOA (service
oriented architectures)?

A: SOA, with its use of mainframe-based
applications such as those running under CICS, is merely part of a growing
trend to link everything and be able to run it from anywhere. This is something
that we'll be seeing a lot more of over the next few years. And with it comes
huge security implications.

A: The one good thing about mainframes was that you could
control who could access applications and data files. Plus, you had a complete
log of what had happened. This made them very secure, and, of course, the
reason they are still used by banks, insurance companies, and anyone else
dealing with money, etc.

The problem with SOA in terms of security is that anyone
could gain access to applications and files from a browser. That browser could
be running on a computer anywhere in the world, or in fact, could be running on
any intelligent device. I can access the Internet from my phone and so can
anyone else with the appropriate model mobile phone. Sites may want anyone to
be able to access some data – perhaps check their name and address – but
restrict access to changing data. However, once security checks are put in place,
it can get very off-putting for the user. Think about the last time you used
online banking. It’s convenient to get a balance, see whether a cheque has been
paid in, make a one-off payment, but it is really irritating to type in all the
numbers that prevent others accessing your account. That’s part of the
balancing act that companies are going to face. It’s convenient to let people
use the applications, but there has to be a way to ensure that the correct
person is doing so, without making it so difficult for them that they don’t use
the facilities offered.

Part of the answer to the security challenge will come
from the increasing use of the Integrated Cryptographic Service Facility (ICSF)
on mainframes and, of course SSL. There’ll also be greater use of Enterprise
Identity Mapping (EIM) as a way of mapping installation-wide user identity to a
local platform.

Q3: What estimates do you forecast for SOA’s penetration into large enterprises and expound further how it will impact enterprises? Can you share some examples with us?

A: All the major software companies have been talking
about SOA for a couple of years now, and each can give examples of customers
who have taken the plunge. An indication of how active this area is at the
moment is the number of mergers and takeovers. For example, Progress Software
recently bought NEON Systems. NEON had a number of products containing the word
“Shadow”, like Shadow zServices CICS, which are SOA products. NEON itself had
not long before acquired Clientsoft. Attachmate and WRQ formed AttachmateWRQ.
Seagull took over SofTouch. Other companies worth keeping an eye on are IBM
(obviously), Jacada, NetManage (with their Librados connectors), IONA, and
Attunity.

Because there is an advantage to companies who already
have mainframes to make the information more easily available, there will be a
huge growth in the use of SOA in the next two or three years. It offers all the
advantages that were suggested all those years ago for client/server systems.

It’s also worth keeping in mind that CICS TS 3.1 can also
work backwards! What I mean by that is CICS can also act as a Web service
requestor as well as a Web service provider. This means that CICS can make use
of Web services provided on other platforms and hugely extends the services
that users can enjoy. Of course, it makes security even more of an issue.

Q4: Where do you see outsourcing positioned within the
next three years and what are the reasons for this?

A: Outsourcing will continue to grow. It is often the
most economic way for medium-sized companies to run their computer-related
business. It allows them to offload the security responsibilities as well. By
that, I mean not only ensuring that the right people access the applications,
but also the back-up/restore responsibilities and the off-site back-up
responsibilities etc. Smaller companies probably can’t afford outsourcing
company prices. Larger companies will find the cost/benefit ratio is one that
oscillates in their favour and then away again.

Q5: What are the major challenges and their solutions behind today’s compliance issues?

A: There used to be a humorous saying that standards were
so important you could never have too many of them. And, yet again, the IT
industry finds itself in the same situation. It is important that all companies
comply with certain regulations. And it is important to any company that it is
following best-practice in the industry. This stops it being uncompetitive and
should prevent any fraud cases being brought – and there have been some
high-profile fraud cases. It does seem to lot of people that more time is being
spent complying with standards than actually doing any business. More time is
spent ticking boxes than actually performing productive work. The other
compliance issue is that what is suitable for one size company in one industry
may not be completely suitable for company that’s a completely different size
in a different industry sector. It sometimes seems that compliance issues are
ways of keeping a variety of consultants in paid employment rather than moving
the business forward.

A: An interesting question… Do we need Randolph Scott to
ride into town and clean it up? The Internet is a reflection of life. There is
so much useful information out there and yet there is so much that most people
would want to avoid it most of the time – like any major city. Cleaning up the
Internet is probably only possible if we clean up human nature – and that’s not
possible. Like moving through a large city, the only way the Internet will be
safe for ordinary families is if everyone looks out for everyone else. If you
find something you’re not happy to see, then report it. Maybe an ISP didn’t
know it was supporting that kind of site and will get rid of it. If the seamy
side of the Internet is moved into its own ghetto, then people can make a
choice whether they visit. It removes the likelihood of stepping into something
unpleasant. And that’s probably the best we can do.

A: First of all, let’s define a legacy system. A legacy
system is any system on any application that is no longer under development. So
that system could have stood the test of time and been in place for 20 years,
it could have been running for two years, or it could have been finished last
week. It doesn’t have to be mainframe based; it could be running on Linux
boxes, or Windows.

The argument that usually plays out when these
discussions take place are whether to re-invent the wheel and face the costs of
developing a bespoke new system that does everything that’s required on today’s
platform of choice. Or, try to plug in some new bells and whistles on to a
lumbering old dinosaur that does exactly what it’s expected to do.

The UK Government is regularly talked into developing new
systems, which are always over-budget and frequently useless.

With the development of SOA and Web services, it seems
foolish not to make use of mainframe-based applications that already exist and
are appropriate. Where they aren’t appropriate, then developing completely new
applications seems to make more sense. Each project has to be evaluated on its
merits. Care must be taken that people’s prejudices and expertise are clearly
identified before the discussion starts.

A: The big software challenge is still security. Apart
from the annoyance of viruses and malware, (spyware etc), and the need to have
suitable safeguards in place, we’ve recently discovered that many companies are
making use of root-kits to get in under the operating system radar. Root-kits
have been found on Unix boxes and Windows machines (but not mainframes!). They
are basically software that is hidden on the hard drive and are able to run
without being detected. Sony apparently installed a root-kit when their CDs
were played on a computer. They claimed it was to stop the CDs being pirated.
After that, Norton revealed that their SystemWorks product also used a root-kit.
Both companies claimed they did it for our own good! The question is how many
other companies have done it – for our own good? How many other root-kits are
there that aren’t up to any good at all? And why didn’t Norton, or any of the
other anti-virus applications that we pay a fortune for, identify that our
computers were being attacked by root-kit software.

Spam will continue to be an issue. When you check your
e-mail and find that 49 of the 50 messages are spam, you know it’s time to do
something. What to do is still not sufficiently clear.

VoIP will over the next year or so become commonplace.
For years we’ve been predicting its imminent arrival – and now it’s here. With
so many people using broadband connections it’s very easy to talk using Skype
(now owned by eBay), or even with MSN – using a Web cam and a microphone. I’ve
done it myself to Canada, and have even interviewed someone in the USA for a
job in the UK using it. It will be everywhere.

Voice control technology will break out of the “Help
Centre” and turn up all over the place. Voice recognition software will make it
easier to perform mundane tasks and will soon find its way onto everyone’s
computer.

A: Hardware – as always – has got to get smaller and
faster, and batteries have got to get smaller, lighter, and last longer. No
computer has enough USB or firewire sockets for all the things that you can now
plug in to your laptop.

It’s likely that computers (of all sizes) will move to
retinal scanning or hand-print recognition rather than passwords. This will
start with the most secure terminals and gradually drop in price so that
everywhere has them. You’ll just expect a biometric scanner next to a PC or
terminal.

Disk drives will have a smaller footprint and larger
capacity. Removable memory will almost disappear because everyone will use
their mobile phone to transfer data from one place to another.

Bandwidth will still be a problem. As more people have
broadband, everyone will expect high-speed networks and the landlines will be
pushed to the limit of their technology. All that dark fibre that was laid down
years ago will all be transmitting data at its maximum capacity.

A: Software As A Service (SAAS) means that the software
is installed and run locally, but automatically maintained and updated from the
provider’s central servers. It’s an example of the ‘serviced client’. This is
exactly what you want for your anti-virus software, your anti-spyware software,
and your PC operating system. It means that you are always running the latest
version of the software with all the bugs fixed (until tomorrow!). It’s an
example of push technology and it seems like a good thing. It means that users
don’t need to worry. It does mean that users without an Internet connection are
going to be left behind.

A: Wireless and mobile computing is definitely hot. More
and more town centres are offering free wifi hotspots along the length of the
high street as a way of encouraging businesses. This trend will grow. Companies
like Fon are also going to be successful in the short-term. Fon has three
business choices for people with wifi in their homes. Basically you can sell
part of your bandwidth to passers by. Or, you can make your spare bandwidth
free and have free access from other Fon users wherever you go. The model has
been successful, apparently, in Spain. And is certainly and interesting
concept.

Personally, I want my mobile phone to use my home
broadband connection to make calls and access the Internet when I’m at home.
And I want it to do the same when I’m in the office (and even when I’m in
somebody else’s office).

Q12: What do you make of Web 2.0? What are the key technologies and forecast their impact on enterprises and consumers?

A: Web 2.0 grew from an idea that, although a number of
headlining dot-com companies had failed, the Internet really was very
successful. I’m not sure anyone has a clear definition, but everyone somehow
“knows” what it means. It’s a way of saying “the next generation” and tends to
involve Web services and people combining two or more applications to make
something new and exciting – like using Google map to show the area around
where you live and another application to show the best pubs, location of taxis
at this moment in time, where your children are (well not really that last one,
but it might be useful!).

For most consumers, this combination will just creep up
on them and the whole thing will be taken for granted.

Coming out of Web 2.0 you get the growth of RSS feeds –
which seems really good that you can see which news stories are of interest to
you as they happen. It’s also led to blogging! Weblogs can be useful, if people
know what they are talking about and have something interesting to say. Sadly,
the majority are written by people with little of interest to say, but lots of
spare time.

A: It will struggle to meet a combination of people’s
expectations with the growth in SOA and Web applications and the need to
conform to all the standards being imposed. It will be twice as hard for
companies working in the USA and Europe as they will have to conform to
similar, but different standards in the two geographical areas.

Q14: Where is RFID heading in 2006 and 2007? How will it impact corporations?

A: RFID is predicted to be everywhere. It will be
embedded in the clothes I wear and the food I buy. I’m not sure how happy I am
about that idea. A RFID tag on every letter or parcel I send seems a good idea.
A tag on my cat so I know where it is seems occasionally useful. Perhaps a
scanner that can tell me when a tin of beans is getting close to its
best-before date could be useful. But some of the stories about RFID everywhere
can be put in the same pile as the microwave oven connected to the Internet
story.

I’m not really sure how much impact it will have on a
typical company – whether there will be any more useful information available
than before. It just might take up more disk space to store the information.

A: My phone has got to be my favourite gadget – it’s a
Sony Ericsson p910i. It does all the usual phone things (make and receive
calls, send SMS and MMS messages). It can take photos and videos, and it’s an
MP3 player. It can read Word and Excel files and PowerPoint presentations. It’s
also got a PDF reader. It has bluetooth. It has handwriting recognition. I also
run Route 66 on it. Route 66 links to a GPS receiver and plots journeys for me
and shows the route as I drive along. It’s got GPRS as well, alarm clock,
jotter, games, and a host of other goodies.